Mandiant is a recognized leader in cyber security expertise and has earned the trust of security professionals and company executives around the world. Our unique combination of renowned frontline experience, nation-state grade threat intelligence, machine intelligence, and the industry's best security validation ensures that Mandiant knows more about today's advanced threats than anyone. Mandiant partners with Federal Governments across the globe to protect their national security interests, guard nation-state secrets, and defend critical infrastructure from cyber-attacks. Our experience has provided us with a unique understanding of the challenges Federal Governments face, and we systematically align our solution and product development cycles to meet their needs. Mandiant isn’t just focused on one threat vector or adversary type. We counter all evolving cyber threats facing public and private sector organizations around the globe.
The Security Platform Engineer (SPE) will be responsible for the deployment, configuration, and support of SecOps capabilities and systems used within the SOC. Partnering closely with the SOC Manager and associated tech leads, the SPE will coordinate updates and enhancements with the core Google GDCH Engineering Teams to ensure platform stability, effectiveness, and system compliance.
- Lead development and maintenance of systems that analyze collected data and derive facts, inferences, and projections to determine if the systems being monitored are operating normally or being attacked by an adversary
- Define best practices in configuring and architecting systems which support SecOps analysts and end-users
- Support the collection and extraction of data used to refine existing and new reports, analytics, and dashboards, and help draft and create reports and dashboards based on end-user requirements
- Partner with the broader Security Operations team to better define the audit data being collected to eliminate false positives and false negatives from SIEM data
- SECRET/TOP SECRET Clearance
- A Bachelor’s Degree from an accredited college and four years of satisfactory full-time experience related to projects and policies required by the position; OR
- Education and/or experience which is equivalent to the above
- Splunk Certified Architect
- Experience designing, building, and maintaining large Splunk infrastructures in cloud environments
- Expert Splunk application and dashboard developer using complex data searches
- Experience optimizing applications to reduce impact on resources
- Experience with Splunk administration, configuration, and tuning of large environments
- Experience with data onboarding, Splunk TAs
- Experience managing complex data, specifically managing role-based access control, configuring roles, and designing data onboarding to support current and future roles
- Experience with Regex and custom scripting
- Expertise in Splunk SPL and Python
- Experience with Splunk Premium Apps, at minimum ITSI and Enterprise Security (ES)
- Strong communication skills
- Ability to work efficiently and effectively in a collaborative SOC environment
As a U.S. federal contractor, Mandiant has adopted a COVID-19 Vaccination Policy to comply with our obligations under applicable laws and requirements. This position may be covered under Mandiant’s COVID-19 Vaccination Policy, as required in order to support federal contracts, access company offices and/or attend in-person meetings and work events. If covered under this policy, proof of vaccination against COVID-19 may be required as a condition of hire.
At Mandiant we are committed to our #OneTeam approach combining diversity, collaboration, and excellence. All qualified applicants will receive consideration for employment without regard to race, sex, color, religion, sexual orientation, gender identity, national origin, protected veteran status, or on the basis of disability.
This position must be located in the Washington DC/Metro area.